mailscanner with heavy load
paulo-m-roncon at ptinovacao.pt
Mon Feb 2 13:28:42 GMT 2009
Steve : 60msg/sec = 60msg*60s*60m*24h= 5184000!!!
So 5 children/1RAM/1CPU => 20 children/4RAM/4CPU, right???
But I have RAM to spare... can I increase the number of children?
60 message/sec == 518,400 messages per day.
The key metric for MailScanner is the average time to scan a single message; on a tuned system this can take anywhere between 1 and 8 seconds maximum depending on the message. This includes SA (with compiled rulesets), ClamAV, FProt6, Razor2, DCC and all the default DNSBL/URIBL lookups in SA and writing the data to MailWatch.
Disabling DCC, Razor2 and all untrusted DNSBLs would decrease the scan time considerably. Note that to get reasonable scan times you *cannot* use *any* command-line virus scanner that doesn't use sockets or a persistent daemon.
If you base the default at 8 seconds per message (which is
1 child can process 10,800 msgs/day, therefore you would require ~47 MailScanner children to process 500,000 messages per day.
Based on the tuning metric of 5 children per GB RAM and per CPU - you would need 10 CPUs and 10GB RAM minimum to process that load based on a default configuration.
So three boxes of that specification would suffice to handle the required load with some overhead to spare. You would also need to make sure each box got an equal load of the input messages, so some sort of load balancer would be required.
I would also recommend buying Spamhaus, URIBL and SURBL datafeeds and running rbldnsd locally on your network, as you will be way over the threshold to use the public mirrors - this will also prevent the lookups from hurting the scan performance adversely. I seriously recommend looking at my firm's BarricadeMX product, which can sit in front of MailScanner and reduce the message input to your MTA and into MailScanner considerably to avoid any nasty spikes, improve efficiency and performance and catch-rate.
Hope that gives you a rough guide.
Fort Systems Ltd.